Phishers use web analytics to gauge success

In yet another indication that cybercriminals are operating more like a business, researchers have discovered a major phishing campaign that relied on Web analytics to hone its attack against a bank, Dark Reading reported April 5. Researchers at security firm RSA say a phisher targeting a specific bank in South America used a free Web analytics tool to gather statistics on how his attacks performed and details about his victims’ systems. He configured it like any other Web analytics service, embedding JavaScript code in the Web page visited by victims who fell for the phishing attack. The code records data such as the number of “hits” on the page, as well as specifics like the user’s operating system and browser type.

A communications specialist for RSA’s FraudAction Knowledge Delivery said the attacker can glean plenty of valuable information from Web analytics: traffic trends and intelligence on the best time to send out a spam phishing run. “Using Web analytics stats, they can get quite a bit of information: number of hits — how credible was the spam e-mail?; best time for blasting out their campaigns — night/weekends?; pages viewed per visitor — did the consumer go through the whole phishing kit?; success of a particular spam e-mailing list they’ve purchased; or the success of an underground spamming service they’ve paid for,” she said.